INTERNET OF THINGS

UNIT_II PART-II
BACnet
BACnet (Building Automation and Control Network) is a data communications protocol that
defines the services used to communicate between building automation end-devices and building
control systems.

A data communication protocol is a set of rules governing the exchange of data over a computer
network that covers everything from what kind of cable to use to how to form a particular request
or command in a standard way.

The BACnet protocol is a completely non-proprietary open communication software standard.

There are no proprietary chip sets or special electronics required to implement it.

The standard itself is now controlled by the ANSI (American National Standards Institute) and
ASHRAE (American Society of Heating Refrigeration and Air-Conditioning Engineers) Standard
135- 1995.

The intent of this open standard is to allow building owners the opportunity to pick and choose
BACnet-compliant equipment from various vendors.
BACnet
BACnet
“Building Automation and Control Networks” (BACnet) is a data transfer
protocol for building automation and control. BACnet simplifies communication
between products from different manufacturers within building automation.

● Standardized data exchange for building automation

● Uniform communication on the management, automation and field level
● Cross-system integration of devices of different building control systems, e.g., elevator
surveillance, access control, power supply or radio applications

The protocol allows equipment such as air conditioning units, pumps and ventilation devices to
communicate with a programmable logic controller (PLC). This creates buildings with a high
degree of automation
Objects: A Collection of Information related to a particular function
that can be uniquely identified and accessed over a network in a
standardized way.
BACnet device

A BACnet device is often comprised of a microprocessor-based controller and

software combination that is designed to understand and use the BACnet protocol.
A BACnet device is typically a controller, gateway, or user interface.

Every BACnet device contains a device object that defines certain device
information, including the device object identifier or instance number.

A BACnet device object instance number must be field-configurable to be unique

across the entire BACnet network where the device in installed. For brevity this
number is often called the device instance.

In addition to the device instance, each BACnet device contains a collection of

information about the device and any input and output points that it monitors and
controls.
BACnet embraces object modeling where a physical device is characterized
by a group of standardized objects.

Each object type has a defined list of properties. The value of each property
identifies the uniqueness of each object such as the present value of an
analog input object.

Devices provide services to other devices which can vary based upon the
complexity of the device.

BACnet devices are classified by their device profile which is based upon the
services that the device can offer.

Device profiles can range from a simple Smart Sensor (B-SS) to a complex
Building Controller (B-BC).
Typical objects include Analog Inputs, Analog Outputs, Binary Inputs, Binary
Outputs, and more complex objects such as Scheduler. Messages on the
network deal with reading and writing Object Properties.

The most frequently referenced property for an analog input is “present

value”, which typically means data derived from a sensor or physical device.

Other properties associated with an analog input object, for example, include
fault status, reliability, object name, minimum and maximum limits, etc.
BACnet protocol standards define required and optional properties for each
object type.

The manufacturer’s documentation for the BACnet device will list which object
types are included in the device, along with which optional properties are
included in each object.
BACnet includes 54 standard objects that cover many common and generally useful
applications. In addition, there is a mechanism for implementers to create and use
their own non-standard objects that can be easily interoperable with other devices
that choose to use them.

The object-based model has been proven to be both robust and reliable while
providing a high degree of backward and forward compatibility.

A global, independent third party testing and listing program for BACnet devices has
been established.-The BACnet Testing Laboratories.

Each object is identified with an object identifier. An object identifier is a 32-bit

binary number containing a code for the object type and the object instance number.

Every object, has a collection of properties that define the object. Each property
includes at least a name and a value.
A BACnet property conveys information about a BACnet object. Objects have a
collection of properties, based on the function and purpose of the object

Each property contains two pieces of information: a property identifier and the
property’s value.

Property Identifiers are numbers that uniquely identify a given property in the context of
the Object type.

Properties may be defined as read-only or read/write.

A property’s purpose is to allow other BACnet devices to read information about the
object containing the property, and potentially write (change) a different value to the
property.

Depending on the type of object that the property belongs to, particular object
properties may be optional or required for implementation per the BACnet standard.
Each object is characterized by a set of properties
that describes its behaviour and govern its
operations.
https://www.automatedbuildings.com/news/aug08/articles/cctrls1/080724032404cctrls.htm

Object Name Space Temp

Object Type Analog Input

Present Value 71

Status Flags Normal, InService

High Limit 77

Low Limit 67
Standard objects
● Binary Input ● Loop
● Binary Output ● Calendar
● Binary Value
● Notification Class
● Analog Input
● Command
● Analog Output
●
● File
Analog Value
● Averaging ● Program
● LifeSafety Zone ● Schedule
● LifeSafety Point ● Trend Log
● Multi-State Input ● Group
● Multi-State Output
● Event Enrollment
● Multi-State Value
● Device

Analog value points are useful for representing
some part of system logic in a way the user can
both see and override.
Examples:
● Space temperature setpoint
● Boiler reset temperatures (x4)
● Economizer mode enable temperature
Analog inputs are typically sensor values. You
can’t write to an analog input, they are read-
only.
Examples:
● Space temperature
● Differential pressure
● Valve position from a valve with feedback
Analog outputs are typically physical outputs that
touch the field and often can be overridden by a user.
Valve commands, fan speeds, and boiler fire rate
outputs are represented as Analog Outputs.
Examples:
● Fan speed command
● Valve position command
● Boiler fire rate
A nice thing about BACnet objects and binary values is
that the “text” can be something other than “ON” and
“OFF”. You can program a BACnet point to say
something smart, like “Free Cooling” and “Mechanical
Cooling” instead by changing the trueText and
falseText properties.
Examples:
● System enable
● Economizer mode enable
● Night set back mode
Binary inputs are typically used to represent
Device objects directly useful to a
a physically measured two-position state of
technician or operator. They are useful
something. They are read-only BACnet
objects.
for a building automation system to
keep track of devices for monitoring.
Examples:
● Fan status from a current transducer They have an operational state
● Leak detector parameter that can give the system
● Filter alarm from a pressure switch feedback about the device’s health.
Binary outputs represent a physical digital
output. They can be overridden, typically.
. You can’t write to a device object, but
there are some actions you can perform
Examples:
on them.
● Boiler enable
● Two-position valve position Devices can be reinitialized, warm
● Cooling tower high/low speed mode started, and cold started.

Multistate input can represent many states. Each
can be descriptively labelled, allowing a system to
distill the mode of a complicated sequence with
one simple point. These are less likely to represent
physical points, and more likely to represent some
state of a process that cannot be changed by the
user.
Examples:
● Defrost cycle state
● Cistern level
Multistate output can often be overridden by a
user. Useful for process states, like “morning warm
up”, “normal”, “standby”, etc.
Examples:
● Air handler mode
● Cooling tower mode (one fan, low; one fan,
high; two fans, low; two fans, high)
Loop objects represent PID-loops and allow a user to tune the
loop. The provide a proportional, integral, and derivative gain
parameter that can be used to alter the loops performance.
Examples:
● Return temperature control loop
● Duct pressure control loop
The Schedule object is defined by the standard as a
periodic schedule of events that may repeat within a
range of dates. The schedule object is categorized into
two types of days:
● Normal Days in a Week
● Exception Days
The two types can entail scheduled events for an
entire day or portions of a day.
BACnet services
BACnet services
service is the mechanism which a building
automation system uses to access a property or
request an action from a BACnet Object.
Services are how one BACnet device gets
information from another device, commands a
device to perform certain actions or
communicates events to other objects.
The model of objects and services is realized
by encoding messages into a stream of
numeric codes that represent the desired
functions or services to be performed.
● object access (read, write, create,
delete);
● device management (discover,
time synchronization, initialize,
backup and restore database);
● alarm and event (alarms and
changes of state)
● file transfer (trend data, program
transfer);
● virtual terminal (human machine
interface via prompts and menus).
● http://www.bacnet.org/Bibliography/ES-7-96/ES-7-96.
htm
BACnet services
BACnet services
BACnet services
BACnet services
BACnet services
BACnet services
BACnet Architecture
BACnet Architecture
BACnet Architecture
BACnet Architecture
BACnet Architecture
BACnet Architecture
BACnet Architecture
BACnet LAN Technology
BACnet LAN Technology
BACnet network
BACnet devices communicate to one another over a network.

Interconnecting BACnet networks requires BACnet routers while connecting non-

compliant BACnet devices to a BACnet network requires a gateway.

The 2012 BACnet standard defines seven network types, which serve as the transport for
BACnet messages. The seven supported network types are:

● BACnet/IP
● BACnet MS/TP (Master-Slave/Token Passing)
● BACnet ISO 8802-3 (Ethernet)
● BACnet over ARCNET
● BACnet Point-to-Point (EIA-232 and Telephone)
● BACnet over LonTalk Foreign Frames
● BACnet over ZigBee
BACnet network
The network types encompass the physical and datalink layers of
the protocol. This combination of physical and datalink layers is often
called the MAC (Medium Access Control) layer.

A BACnet message itself is independent of the MAC layer used to

transport the message.

Therefore, in BACnet, messages to command or monitor information

are the same, no matter which MAC layer used for transport.
BACnet/IP
This MAC type is commonly used with existing Ethernet infrastructure, VLAN and
WAN networks.

Devices plug directly into Ethernet switches or hubs. This is a fast and high
performance type of LAN, but also the most expensive.

BACnet/IP uses UDP/IP for compatibility with existing IP infrastructure.

When BACnet/IP is used with multiple IP subnets, then special additional device
functionality called BACnet Broadcast Management Devices (BBMDs) are
required to manage inter-subnet BACnet broadcast messages.

BACnet over IP allows for communication between different IP subnets, multi-campus

control systems, and can even use fiber and gigabit-ethernet. Communications in BACnet
over IP rely upon the protocol rules of IP and Ethernet.
BACnet over MS/TP.

Each device is wired via RS-485 twisted-pair serial cabling, daisy-chained together into
one network.

Communication is based around passing “tokens,” which is a way for devices on the same
MS/TP network to take turns initiating conversations with other devices.

Only master type of devices can have the token and request data or send data without
being specifically requested.

Sensors are sometimes manufactured to operate as slave devices, and they can only send
messages when specifically requested – they never have the token

This LAN type uses EIA-485 twisted pair for signaling up to 4000 feet. It is the most
popular type of BACnet LAN for unitary and application-specific controllers, and is also
the lowest cost.
Baud Rate is the rate at which data is communicated to the devices.

You can configure the MS/TP networks to communicate at the following baud rates:

● 9.6 kbps
● 19.2 kbps
● 38.4 kbps
● 76.8 kbps

All the devices on the MS/TP segment must communicate at the same baud rate.

BACnet MS/TP is a token-passing protocol which uses standard serial ports on

microcontrollers and EIQ-485 transceivers

Compared to BACnet IP , BACnet MS/TP is much slower and less secure.

BACnet ISO 8802-3 (Ethernet)

BACnet can be used directly with Ethernet 8802-3 networks. This MAC type is
comparable to BACnet/IP in terms of cost and speed, but limited to a single
physical infrastructure that does not make use of IP routers.

BACnet over ARCNET

This MAC type has two forms: 2.5Mbs coax, and 156Kbs over EIA-485. The
ARC156K form has a modest increase in performance compared to MS/TP for a
slight cost difference. A limited number of vendors support BACnet using ARCNET.
BACnet Point-to-Point

This MAC type is only used over dial-up telephone networks. The direct EIA-232
connection style is generally no longer used in favor of direct Ethernet connection.

BACnet over LonTalk Foreign Frames

BACnet allows the transport component of LonTalk to be used to carry BACnet

messages. However, the two protocols are not interoperable.

BACnet over ZigBee

This MAC is a wireless mesh network generally used with very low-cost devices. It
is typically used as a gateway to ZigBee devices and not as a native BACnet
transport.
Modbus Protocol
The Modbus protocol is a communication protocol that allows devices to
communicate over various types of media, such as serial lines and ethernet. It was
developed in 1979 by Modicon, a company that produced Programmable Logic
Controllers (PLCs), to enable these devices to communicate with each other.

Modbus provides a messaging structure designed to establish master-slave

communication between intelligent devices. A Modbus message sent from a
Device A (master) will initiate a response from Device B (slave).
Modbus Protocol
The function of the Modbus protocol is to define the content of the communication,
how the information is packaged, and the order in which messages are sent and
received.

The Modbus protocol is simple and robust, making it a popular choice for industrial
control systems. It's an open standard, meaning it's free for anyone to use and
modify, leading to its widespread adoption throughout the industry.
Components of Modbus Protocol
● Modbus Devices/Machines
Modbus devices or machines are the actual physical devices that communicate
using the Modbus protocol. These devices can be anything from temperature
sensors to motor controllers, and they can be located anywhere from a factory
floor to a remote oil field.
Components of Modbus Protocol
● Modbus Master
● The Modbus master is the device that initiates a Modbus transaction. It sends
a request to a Modbus slave device and waits for a response. The master can
communicate with multiple slaves, and it can request different types of data
from each one.
● Modbus Slave
● A Modbus slave is a device that waits for a request from a Modbus master.
When it receives a request, it will process it and send a response back to the
master. The slave does not initiate communication; it only responds to
requests from the master.
Components of Modbus Protocol
● Data Model and Registers
● The Modbus data model is based on a series of registers. These registers are
simply memory locations in the device that can hold data—they represent
storage area within a device. There are two types of registers:
○ Holding registers: Can be read and written to by a Modbus master.

○ Input registers: Can only be read by a master.

Types of Inputs
● There are two main types of inputs in a Modbus system:
● Coils are a type of data in the Modbus protocol that represents binary states,
such as ON/OFF or TRUE/FALSE. They can be read and written to by a
Modbus master.
● Discrete inputs are similar to coils in that they represent binary states.
However, unlike coils, they can only be read, not written to.
Modbus Message Frame
● A Modbus frame is the structure of a Modbus message. It consists of a start
frame, function code, data, and an end frame. The following table shows the
structure of the frame in more detail, in the ASCII variant of the protocol (learn
more below):
Modbus Message Frame
Modbus Communication Modes
● There are three main communication modes in the Modbus protocol:

○ RTU (Remote Terminal Unit)

○ ASCII (American Standard Code for Information Interchange)

○ TCP/IP (Transmission Control Protocol/Internet Protocol)

Modbus Communication Modes
● Modbus RTU
● Modbus RTU (Remote Terminal Unit) is a binary implementation of the
Modbus protocol. It is typically used over serial communication and is known
for its compact data representation, which makes it efficient and fast.
● Modbus ASCII
● Modbus ASCII (American Standard Code for Information Interchange) is an
ASCII implementation of the Modbus protocol. It is less efficient than Modbus
RTU, but it is easier to use and debug because it uses human-readable
characters.
Modbus Communication Modes
● Modbus TCP/IP
● Modbus TCP/IP is a version of the Modbus protocol that is used over TCP/IP
networks. It allows for communication over long distances and across
different networks.
● Modbus UDP
● Modbus UDP (User Datagram Protocol) is a version of the Modbus protocol
that uses the UDP transport protocol. It is less reliable than Modbus TCP/IP
because it does not guarantee delivery or correct sequence of packets, but it
is faster and requires less bandwidth.
Modbus Communication Modes
● Modbus TCP/IP
● Modbus TCP/IP is a version of the Modbus protocol that is used over TCP/IP
networks. It allows for communication over long distances and across
different networks.
● Modbus UDP
● Modbus UDP (User Datagram Protocol) is a version of the Modbus protocol
that uses the UDP transport protocol. It is less reliable than Modbus TCP/IP
because it does not guarantee delivery or correct sequence of packets, but it
is faster and requires less bandwidth.
Modbus Communication Modes
● Modbus TCP is often referred to as Modbus over Ethernet. Modbus TCP (also ModbusTCP/IP) is
simply the Modbus RTU protocol with a TCP interface that runs on Ethernet. Modbus/TCP also
allows many more addresses than RS485, the use of multiple Masters and speeds in the gigabit
range.
Difference between
Modbus
● Modbus Plus
● Modbus Plus (MB+ or Modbus+) is a proprietary variant of the Modbus
protocol, which was introduced by Schneider Electric. It is a peer-to-peer
communication protocol that offers higher speed and more deterministic data
transfer compared to the standard Modbus.
● Uses of Modbus Protocol
● Industrial Automation: Modbus enables easy and standardized
communication between a variety of devices, such as Programmable Logic
Controllers (PLCs), sensors, and actuators. It is often employed in
manufacturing plants, power plants, oil refineries, and other industrial settings
to monitor and control equipment and processes.
Modbus uses
● Vehicle Systems
● The Modbus protocol is also utilized within vehicle systems, specifically in the
realm of electric vehicles. It aids in monitoring and controlling various
parameters, including battery management systems, charging systems, and
inverter systems. Modbus offers an efficient and easy-to-implement protocol
for ensuring the smooth operation of these systems.

● Communications in IoT
● Modbus TCP/IP, is used to enable communication between IoT devices,
sensors, and controllers over ethernet networks. Its simplicity and wide
support make it a common choice for IoT communications.
Modbus uses
● Sensor and Actuator Communication
● The Modbus protocol plays a key role in facilitating communication between
sensors and actuators. It provides a standard interface for transmitting data,
such as sensor readings or control signals for actuators. This enables a
centralized control system or PLC to monitor and control a wide variety of
equipment in a coordinated manner. The use of Modbus protocol in sensor
and actuator communication is prevalent in a range of fields, from industrial
machinery to environmental monitoring systems.
KNX
● Bus system for building control.
● all devices in a KNX system use the same transmission method and are able
to exchange data via a common bus network.
● KNX bus system has decentralised structure and there is no need for a
central control unit, because the “intelligence” of the system is spread across
all of its devices.
● In order to transfer control data to all building management components (or
smart home devices/functions), a system is required that avoids the problem
of having isolated devices speaking 'different languages'.
● KNX works by ensuring all components, devices, features and functions of
any building (or outdoor space) communicate via one common language
instantly and remotely.
Building automation system
It enables the interaction and coordination between various devices and systems,
ranging from lighting, heating, ventilation, and air conditioning systems, to more
complex systems like security and energy management.
It is a green cable which is installed in addition to the conventional mains supply during a
new build or renovation project.

All of the various building technology elements are then connected to one another via the
main KNX bus line in accordance with the KNX standard for building automation.

The cable system is then managed by such things as sensors, detectors, parameters, etc. —
which can then be conveniently controlled by end users with a laptop, smartphone or tablet
device.

Installed KNX systems can be accessed via LAN, point to point links, or phone networks for
central or distributed control of the system via computers, tablets and touch screens, and
What is KNX protocol? The KNX protocol is a standardized, open protocol for commercial
and domestic building automation. It enables the integration and programming of a range of
devices from different manufacturers with different applications, including lighting control,
security, audio and video, and energy management.

How does KNX protocol work? KNX works by allowing devices to communicate with each
other over a common system. Devices can be connected via twisted pair, powerline, RF, or
IP/Ethernet. These devices can either be sensors or actuators needed for the control of
building management equipment such as HVAC, lighting, or security systems. The
communication between these devices is based on a decentralized structure where the
devices communicate directly with each other without the need for a central control unit.
KNX infrastructure and KNX smart building systems can be used in almost any
building or outdoor space — from a small house to a large shopping mall or
industrial complex.

● Private homes
● Residential accommodation (apartments, retirement homes, town houses, etc.)
● Offices
● Plazas
● Schools
● Casinos
● Hospitals
● Shopping Malls
● Public buildings and outdoor spaces (government buildings, libraries, council land,
etc).
The Advantages of KNX

● Increased safety
● Economic use of energy during the operation of buildings
● Simple adaptation of the electrical installation to the changing
requirements of the user
● Higher degree of convenience
● future-proof installations
● wide range of available off-the-shelf components from many
manufacturers
● large service network of qualified
contractors/planners/integrators
Communication media
Various communication media can be used for the exchange of data between
devices in a KNX system:
● Twisted Pair Wiring (KNX TP): This is the most commonly used form of KNX
installation. It requires a low-rate transmission of data (9600 bit/sec) over a
twisted pair of wires.
● Power Line (KNX PL): KNX PL uses existing AC electrical wiring for
communication, eliminating the need for separate data cables. It is often used
for retrofit applications where it is difficult to run new cables.
● Radio Frequency (KNX RF): KNX RF is a wireless communication medium
for KNX, ideal for retrofitting or in situations where it is impractical to install
data cables.
● KNX IP – communication via Ethernet
The KNX bus is routed in parallel to the electrical power supply to all
devices and systems on the network linking:

● Sensors (e.g. push buttons, thermostats, anemometers,

movement) gather information and send it on the bus as a data
telegram.
● Actuators (dimming units, heating valves, displays) receive data
telegrams which are then converted into actions; and Controllers
and other logic functions (room temperature controllers, shutter
controllers and other)
● System devices and components (e.g. line couplers, backbone
couplers).
KNX twisted pair
● Cost effective and easy to install media .
● The bus cable supplies all bus devices with both data and power. The rated
voltage of the bus system is 24 V.
● The data transfer rate is 9,600 bit/s, and the data travel serially, one byte at a
time via asynchronous data transfer.
● When a logical zero is transmitted the voltage drops briefly.
● The transmission of logical ones corresponds to the idle state of the bus.
● The DC supply voltage is first of all separated from the data carrying AC
voltage. The DC supply voltage is created by a capacitor, while a transformer
decouples the data-carrying AC voltage.
● In transmitting devices, the transformer also serves to superimpose the
outgoing data onto the bus voltage.
Information is exchanged between bus devices in the form of so-called telegrams.
A telegram consists of a sequence of characters, with each character consisting of
eight zeros and ones, in other words eight bits, or one byte.
Access to the KNX bus, is random and event-driven.

A telegram can only be transmitted if no other telegram is being transmitted at the

same time.

To prevent collisions during transmission,the priorities of the various sending

devices are regulated by the CSMA/CA (Carrier Sense Multiple Access/Collision
Avoidance) method.

If two devices are sending a telegram at the same time, then inevitably one sender
will transmit a 0 while the other wants to transmit a 1. The device sending the 1
“hears” that a 0 is being transmitted along the bus,and detects the collision.

It is obliged to abort its own data transmission and give priority to the other
transmission.
Connection of bus devices

Bus devices are connected to the data cable via components known as bus
terminals – plugin terminals able to accommodate up to four KNX cables.

The bus terminals make it possible to disconnect devices from the bus without
interrupting the bus line.
KNX powerline
Using the existing electricity cables in a building as the KNX communication
medium is a cost-effective way of retrofitting a building with KNX.

In KNX Powerline (KNX PL) there is no need to lay a dedicated bus cable: the
electricity

cables already installed (one of the three phases + the neutral wire) themselves
become the communication medium.

The data signals are superimposed onto the mains voltage.the power required by
the bus devices comes from the 230 V mains electricity grid.

Phase couplers are used to ensure that data communication can take place via all
three phases, while band-stop filters prevent the propagation of data signals
through the building connection towards the mains grid.
KNX IP
Uses UDP/IP.The existing network infrastructure in the building can be used for
the KNX main and backbone lines.

● Buildings can be monitored and controlled via Ethernet from anywhere in the
world
● Several individual sites can be observed and maintained from a central
location over the internet
● KNX customer installations can be analysed and programmed remotely over
the internet by the designer of the KNX system.
The KNX system uses two Ethernet communication methods – tunneling and
routing – both of which use the UDP protocol.

Tunneling is used to access the bus from a local network or the internet for
purposes of e.g. programming the KNX installation, while routing is used for
exchanging telegrams over an Ethernet network,
(Engineering Tool Software)ETS is to be used to send KNX telegrams in a connection
oriented manner within an IP framework.In tunneling, communication always takes
place via the IP address of the KNXnet/IP device that is being used for tunneling.

Routing is needed for the simultaneous,connectionless transmission of KNX telegrams

to several participants via a KNXnet/IP router.

A KNXnet/IP router serving as a line coupler for a KNX TP cable will only send a
telegram to the IP side if the corresponding group address appears in the filter table of
the KNXnet/IP router.

For forwarding via Ethernet, the KNX telegrams are individually packed in UDP/IP
telegrams and sent as multicast telegrams. All KNX/IP routers in the network receive
these telegrams simultaneously and use their routing tables to determine whether to
forward the telegram to the connected KNX line.
KNX topology
KNX systems can be added to as desired, and can consist of several KNX
subsystems based on different communication media such as twisted pair wiring
(KNX TP), powerline networking (KNX PL), Ethernet (KNX IP), and radio (KNX
RF)

To ensure problem-free transmission of telegrams between individual bus

devices,KNX systems must adhere to a specific topology.

KNX TP:

● basic unit of a KNX TP installation is a line.

● A line includes a KNX power supply (including choke), and usually no more
than 64 other bus devices.
● The bus cable can be laid as desired, and branches can be added at any point.
● The bus cable can be laid as desired,
and branches can be added at any
point.
● A free tree structure, which allows a
great deal of flexibility in terms of layout.
● Line Repeaters can be used to extend
a line if more than 64 devices are
needed.
● Sections added in this way are known
as line segments.
● A line segment consists of a line
repeater,a power supply and no more
than 64 further bus devices.
● No more than three repeaters can be
operated in parallel in a line, meaning
the maximum number of bus devices is
255.
Another way of expanding the installation is to
create new lines using Line Couplers.

lines are not normally extended to their

maximum size using line repeaters new lines
are generally created instead .

Line couplers makes the system more

manageable, and also reduces the number of
telegrams travelling along each line by taking
advantage of the filter function.

Up to 15 lines can be operated via Line

Couplers on a line – the main line – to form an
area .

The main line can likewise accommodate up to

64 devices.

Line Couplers in the main line count as bus

devices. Each line needs its own power supply
Up to 15 areas can be added to an area line via Area Couplers, to form a complete system (Fig. 22). Just
like the main line, the area line can accommodate up to 64 bus devices.

Line Couplers on the area line count as bus devices. In practice, area coupling is typically performed using
Line Couplers parameterised as area couplers.

The area line is also called the backbone, so it also needs its own power supply.
The LC00B01KNX KNX line
coupler has been made in a
compact design. It connects two
KNX bus segments (for example, a
KNX line with a KNX area). The
device has a filter table (8k bytes)
and ensures a galvanic isolation
between the lines.
KNX Addressing
Every device in a KNX system is assigned a unique, unambiguous number – its Individual
Address. This consists of three numbers separated by dots.

Physical addresses are needed in order to identify devices clearly, and also to program them.

The numbers depend on the position of the bus device in the topology:

● The first number denotes the number of the area

● The second number denotes the number of the line
● The third number is a sequential number indicating the device’s position in the line.

Physical address 2.3.20: bus device 20 in the third line of the second area.
KNX RF
Can be installed virtually anywhere.Provided that they are within range of one
another, any sensor can communicate with any actuator.

KNX RF telegrams can be received by devices in other, nearby KNX RF

installations. It therefore needs to be ensured that neighbouring installations
cannot interfere with one another.

Telegrams sent by KNX radio transmitters always include the serial

number/domain address of the device as a unique identifier.

Only those receivers paired with the transmitter are able to process telegrams sent
by it.
KNXnet/IP routers can additionally be used to connect entire separate systems
with one another via Ethernet.

KNX IP can also be used to network KNX devices,Software is available for

communicating with KNX systems via KNXnet/IP.

Ethernet installations are connected using network cables. Various types of

network cable are available, each using a different method for shielding the cable
cores.

It is generally not permitted for these cables to be longer than around 100 m.

For longer installations, special network components are needed to join together
individual network segments.
KNXnet/IP routers (routing) are given the sequential number 0 (like area and line
couplers). KNX IP interfaces (tunneling) can be given any sequential number.

Individual Address 1.5.0: KNXnet/IP router acting as a line coupler, coupling the
fifth line with the main line in the first area.
Modbus
Protocol that is used in many industrial and HVAC installations.

Modbus is often used to connect a plant/system supervisory computer with a

remote terminal unit (RTU) in Supervisory Control and Data Acquisition (SCADA)
systems in the electric power industry.

Modbus is a data communications protocol originally published by Modicon (now

Schneider Electric) in 1979 for use with its programmable logic controllers (PLCs).

Commonly for connecting industrial electronic devices ,openly published,royalty

free,easy to deploy and maintain .

ModBus is an application layer messaging protocol that provides client/server

communication between devices connected on different types of buses or networks.
 Modbus is typically used to transmit data from control
instrumentation to a logic controller or a system for archiving data.

In building automation, for example, temperature and humidity are

often communicated to a computer for long term storage.

Modbus is often used to connect a supervisory computer with a

remote terminal unit (RTU) in supervisory control and data
acquisition (SCADA) systems.
ModBus typically runs on top of RS 232, RS 442 point to point or RS 485 point to
multipoint links.

The ModBus/TCP specification, defines an IP-based link layer for ModBus frames.

ModBus devices communicate using a master-slave model: one device, the

master, can initiate transactions (called queries), which can address individual
slaves or be broadcast to all slaves.

The slaves take action as specified by the query, or return the requested data to
the master.
https://www.amazon.in/Port-Powered-Industrial-Communication-Anti-surge-Protection/dp/B01CXY9S6M/ref=pd_lpo_147_img_1/261-4
963277-1316620?_encoding=UTF8&pd_rd_i=B01CXY9S6M&pd_rd_r=674f20a5-dba2-4ed5-9120-8c9809455172&pd_rd_w=buM8t&p
d_rd_wg=Yz6Ra&pf_rd_p=5a903e39-3cff-40f0-9a69-33552e242181&pf_rd_r=H7H1848GNS4HR30SBK04&psc=1&refRID=H7H1848
GNS4HR30SBK04
Modbus working

A conversation is always started by a master in the Modbus network. A Modbus master

sends a message, and depending on the contents of the message, the slave interprets

the message and responds to it.

Physical slave addressing in the message header is used to define which slave device

should respond to a message. All other nodes on the Modbus network ignore the

message if the address field doesn’t match their own address.

Modbus functions perform read and write instructions to the slave’s internal memory

registers to configure, monitor, and control the slave’s inputs and outputs.
MODES
Controllers can be setup to communicate on standard Modbus networks using either of two
transmission modes: ASCII or RTU.

ASCII Mode

When controllers are setup to communicate on a Modbus network using ASCII mode, each
eight-bit byte in a message is sent as two ASCII characters. The main advantage of this mode is
that it allows time intervals of up to one second to occur between characters without causing an
error.

Coding System
Hexadecimal ASCII printable characters 0 ... 9, A ... F
Bits per Byte
1 start bit
7 data bits, least significant bit sent first
1 bit for even / odd parity-no bit for no parity
1 stop bit if parity is used-2 bits if no parity
Error Checking
Longitudinal Redundancy Check (LRC)
RTU Mode (Remote Terminal Unit)

Each eight-bit byte in a message contains two four-bit hexadecimal characters. The main advantage of
this mode is that its greater character density allows better data throughput than ASCII for the same
baud rate. Each message must be transmitted in a continuous stream.

Coding System

Eight-bit binary, hexadecimal 0 ... 9, A ... F.Two hexadecimal characters contained in each
eight-bit field of the message

Bits per Byte

1 start bit

8 data bits, least significant bit sent first

1 bit for even / odd parity-no bit for no parity

1 stop bit if parity is used-2 bits if no parity

Error Check Field

Cyclical Redundancy Check (CRC)

Modbus RTU messages are a simple 16-bit structure with a CRC The simplicity of these
messages is to ensure reliability.

This protocol primarily uses an RS-232 or RS-485 serial interfaces for communications .

In order to build the Modbus application data unit, the client must initiate a Modbus
transaction. It is the function which informs the server as to which type of action to
perform.

The format of a request initiated by a Master is established by the Modbus application

protocol. The function code field is then coded into one byte. Only codes within the range
of 1 through 255 are considered valid, with 128-255 being reserved for exception
responses.

When the Master sends a message to the Slave, it is the function code field which informs
the server of what type of action to perform.
 Modbus RTU is a relatively simple serial protocol that can be transmitted via
traditional UART technology. Data is transmitted in 8-bit bytes, one bit at a time, at
baud rates ranging from 1200 bits per second (baud) to 115200 bits per second.
The majority of Modbus RTU devices only support speeds up to 38400 bits per
second.

Each slave has a unique 8-bit device address or unit number.

Modbus protocol devices will typically include a register map outlining where the

configuration, input and output data can be written and read from. You should always

refer to the slave’s register map of your device to gain a better understanding of its

overall operation.

The Modbus data model has a simple structure described in four basic data types:

1. Discrete Inputs

2. Coils Outputs

3. Input Registers (Input Data)

4. Holding Registers (Output Data)

The Modbus memory registers of a device are organized around the four basic data

reference types and this data type is further identified by the leading number used in

the devices memory address, such as:

– Zero (0) based register referencing a message to Read or Write “discrete outputs

or coils”.

– One (1) based register referencing Reading “discrete inputs”.

– Three (3) based register referencing Reading “input registers”.

– Four (4) based register referencing Reading or Writing to “output or holding

registers”.
Modbus RTU Common Starting
address
Data Type name

Modbus Coils Bits, binary values, flags 00001

Digital Inputs Binary inputs 10001

Analog Inputs Binary inputs 30001

Modbus Registers Analog values, variables 40001

 Function Code Register Type
1
https://www.modbustools.com/modbus.html Read Coil
2 Read Discrete Input
3 Read Holding Registers
4 Read Input Registers
5 Write Single Coil
6 Write Single Holding Register
15 Write Multiple Coils
16 Write Multiple Holding Registers
 An example of a Modbus RTU request for the content of analog output
holding registers # 40108 to 40110 from the slave device with address 17.
11 03 006B 0003 7687
11: The SlaveID Address (17 = 11 hex)
03: The Function Code (read Analog Output Holding Registers)
006B: The Data Address of the first register requested.
(40108-40001 = 107 =6B hex)
0003: The total number of registers requested.
(read 3 registers 40108 to 40110)
7687: The CRC (cyclic redundancy check) for error checking.
Limitations
● Modbus was designed in the late 1970s to communicate to programmable logic controllers,
the number of data types is limited to those understood by PLCs at the time. Large binary
objects are not supported.
● No standard way exists for a node to find the description of a data object, for example, to
determine if a register value represents a temperature between 30 and 175 degrees.
● Since Modbus is a master/slave protocol, there is no way for a field device to “report by
exception” (except over Ethernet TCP/IP, called open-mbus)
● Modbus is restricted to addressing 247 devices on one data link, which limits the number of
field devices that may be connected to a master station (once again Ethernet TCP/IP proving
the exception).
● Modbus transmissions must be contiguous which limits the types of remote communications
devices to those that can buffer data to avoid gaps in the transmission.
MODBUS TCP/IP
● Modbus TCP Is an Internet protocol.
● Modbus TCP is essentially Modbus RTU, however Modbus TCP is used over ethernet
● This means that a Modbus TCP device installed in Europe can be addressed over the Internet
from the USA from anywhere else in the world.
● Modbus TCP/IP (also Modbus-TCP) is simply the Modbus RTU protocol with a TCP interface
that runs on Ethernet.
● Modbus TCP/IP uses TCP/IP and Ethernet to carry the data of the Modbus message structure
between compatible devices.
● Modbus TCP/IP combines a physical network (Ethernet), with a networking standard
(TCP/IP), and a standard method of representing data (Modbus as the application protocol).
Essentially, the Modbus TCP/IP message is simply a Modbus communication encapsulated in
an Ethernet TCP/IP wrapper.
Transaction Identifier: 2 bytes set by the Client to uniquely identify
each request. These bytes are echoed by the Server since its
responses may not be received in the same order as the requests.
Protocol Identifier: 2 bytes set by the Client. Modbus TCP = 00 00
Length: 2 bytes identifying the number of bytes in the message to
follow.
Unit Identifier: 1 byte set by the Client and echoed by the Server for
identification of a remote slave connected on a serial line or on
other buses.
 Function Code What the function does Value type Access type

01 (0x01) Reading DO Read Coil Status Discrete Reading

02 (0x02) Reading DI Read Input Status Discrete Reading

03 (0x03) Reading AO Read Holding Registers 16 bit Reading

04 (0x04) Reading AI Read Input Registers 16 bit Reading

05 (0x05) One DO recording Force Single Coil Discrete Recording

06 (0x06) Recording one AO Preset Single Register 16 bit Recording

15 (0x0F) Multiple DO recording Force Multiple Coils Discrete Recording

16 (0x10) Recording multiple AOs Preset Multiple Registers 16 bit Recording

Information is then nested into the data/payload field of a standard TCP frame, the
total of which is then nested into the IP frame, which is then nested into the
Ethernet/MAC frame for transmission over Ethernet.

The complete Modbus TCP/IP Application Data Unit is embedded into the data
field of a standard TCP frame and sent via TCP to well-known system port 502,
which is specifically reserved for Modbus applications.

Modbus TCP/IP clients and servers listen and receive Modbus data via port 502.

Modbus TCP/IP shares the same physical and data link layers of traditional IEEE
802.3 Ethernet and uses the same TCP/IP suite of protocols, it remains fully
compatible with the already installed Ethernet infrastructure of cables, connectors,
network interface cards, hubs, and switches.
A TCP connection is established by the client. Servers cannot initiate TCP
transactions. It is good practice to keep a TCP connection open with a remote
server and not open and close it for each Modbus message.

Some Modbus devices may operate as both clients and servers. two-way
communication is possible with separate connections opened for the client data
flow and the server data flow.

A Modbus client may have many simultaneous TCP connections open at any
given time. It uses a local port to send its message while the remote server
receives this message on well-known port 502.

A client can initiate several Modbus messages with a remote server without
waiting for the end of a previous one. Thus, several Modbus messages can be
sent on the same TCP connection (but not the same PDU). In this case, the
Modbus transaction identifier (of the MBAP header) is used to match requests to
A TCP frame must transport only one Modbus Application Data Unit (ADU) at a
time.

it is not recommended to send multiple Modbus requests on the same PDU.

The equivalent request to this Modbus RTU example
11 03 006B 0003 7687
in Modbus TCP is:
0001 0000 0006 11 03 006B 0003
0001: Transaction Identifier
0000: Protocol Identifier
0006: Message Length (6 bytes to follow)
11: The Unit Identifier (17 = 11 hex)
03: The Function Code (read Analog Output Holding Registers)
006B: The Data Address of the first register requested. (40108-40001 = 107 =6B hex)
0003: The total number of registers requested. (read 3 registers 40108 to 40110)
IEEE 802.15.4
IEEE 802.15.4 is a standard that was developed to provide a framework and the lower
layers in the OSI model for low cost, low power wireless connectivity networks.

IEEE 802.15.4 provides provides the MAC and PHY layers, leaving the upper layers to
be developed for specific higher later standards like Thread, Zigbee, 6LoWPAN and many
others.

Low power is one of the key elements of 802.15.4 as it is used in many areas where
remote sensors need to operate on battery power, possibly for years without
attention.

The IEEE 802.15.4 standard is aimed at providing the essential lower network layers
for a WPAN. The chief requirements are low-cost, low-speed ubiquitous
communication between devices.

The concept of IEEE 802.15.4 is to provide communications over distances up to about 10

metres and with maximum transfer data rates of 250 kbps
IEEE 802.15.4 can use:

1. The 2.4 GHz ISM band (S-band) worldwide, providing a data rate of 250 kbps
(O-QPSK modulation) and 15 channels (numbered 11–26);

2. The 902–928 MHz ISM band (I-band) in the US, providing a data rate of 40
kbps(BPSK modulation), 250 kbps (BPSK+O-QPSK or ASK modulation) or
250 kbps (ASK modulation) and ten channels (numbered 1–10)

3. The 868–868.6 MHz frequency band in Europe, providing a data rate of 20

kbps (BPSK modulation), 100 kbps (BPSK+O-QPSK modulation) or 250 kbps
(PSSS: BPSK+ASK modulation), and a single channel (numbered 0 for BPSK
or O-QPSK modulations, and 1 for ASK modulation).
1. 802.15.4 networks are setup by a PAN coordinator node, sometimes simply
called the coordinator.
2. There is a single PAN coordinator for each network identified by its PAN ID. The
PAN coordinator is responsible for scanning the network and selecting the
optimal RF channel, and for selecting the 16 bits PAN ID for the network.
3. Other 802.15.4 nodes must send an association request for this PAN ID to the
PAN coordinator in order to become part of the 802.15.4 network.
4. Full Function Devices (FFD), also called coordinators: these devices are
capable of relaying messages to other FFDs, including the PAN coordinator.
The first coordinator to send a beacon frame becomes the PAN coordinator,
then devices join the PAN coordinator as their parent, and among those devices
the FFDs also begin to transmit a periodic beaconor to respond to beacon
requests.
5. At this stage more devices may be able to join the network, using the PAN
coordinator or any FFD as their parent.
6. Reduced Function Devices (RFD) cannot route messages. Usually their
receivers are switched off except during transmission. They can be attached to
the network only as leaf nodes.
Two alternative topology models can be used within each network, each with its
corresponding data-transfer method:

The star topology: data transfers are possible only between the PAN coordinator
and the devices.

The peer to peer topology: data transfers can occur between any two devices.

Each network, identified by its PAN ID, is called a cluster.

A 802.15.4 network can be formed of multiple clusters (each having its own PAN
ID) in a tree configuration: the root PAN coordinator instructs one of the FFD to
become the coordinator of an adjacent PAN.

Each child PAN coordinator may also instruct a FFD to become a coordinator for
another PAN, and so on.
Association

A node joins the network by sending an association request to the coordinator’s

address. The association request specifies the PAN ID that the node wishes to
join, and a set of capability flags encoded in one octet:

1. Alternate PAN: 1 if the device has the capability to become a coordinator

2. Device type: 1 for a full function device (FFD), that is, a device capable of
becoming a
3. full function device (e.g., it can perform active network scans).
4. Power source: 1 if using mains power, 0 when using batteries.
5. Receiver on while transceiver is idle: set to 1 if the device is always listening.
6. Security capability: 1 if the device supports sending and receiving secure
MAC frames.
7. Allocation address: set to 1 if the device requests a short address from the
coordinator.
The coordinator assigns a 16-bit short address to the device (or 0xFFFE as
a special code meaning that the device can use its 64-bit IEEE MAC
address), or specifies the reason for failure (access denied or lack of
capacity).
Both the device and the coordinator can issue a disassociation request to end
the association.
When a device loses its association with its parent (e.g., it has been moved
out of range), it sends orphan notifications .
If it accepts the reassociation, the coordinator should send a realignment
frame that contains the PAN ID, coordinator short address, and the device
short address.
This frame can also be used by the coordinator to indicate a change of PAN
ID.
Addresses: EUI-64
1. Each 802.15.4 node is required to have a unique 64-bit address, called the
extended unique identifier (EUI-64).
2. In order to ensure global uniqueness, device manufacturers should acquire a 24-
bit prefix, the organizationally unique identifier (OUI), and for each device,
concatenate a unique 40-bit extension identifier to form the complete EUI-64.
3. In the OUI, one bit (M) is reserved to indicate the nature of the EUI-64 address
(unicast or multicast), and another bit (L) is reserved to indicate whether the
address was assigned locally, or is a universal address .
16-Bit Short Addresses
4. Since longer addresses increase the packet size, therefore require more
transmission time and more energy, devices can also request a 16-bit short
address from the PAN controller.
5. The special 16-bit address FFFF is used as the MAC broadcast address.
6. The MAC layer of all devices will transmit packets addressed to FFFF to the
upper layers.
 The physical layer (PHY) ultimately provides the data transmission service, as
well as the interface to the physical layer management entity, which offers
access to every layer management function and maintains a database of
information on related personal area networks.
Thus, the PHY manages the physical RF transceiver and performs channel
selection and energy and signal management functions.
With new allocations arising as a result of issues such as the digital dividend
and other countries adopting and using IEEE 802.15.4, other frequencies and
bands are being considered. These include: 314-316 MHz, 430-434 MHz, and
779-787 MHz frequency bands in China and the 950 MHz-956 MHz band in
Japan. Other frequencies are also being considered for UWB variants of
IEEE 802.15.4.
The original 2003 version of the standard specifies two physical layers based on
direct sequence spread spectrum (DSSS) techniques: one working in the 868/915 MHz
bands with transfer rates of 20 and 40 kbit/s, and one in the 2450 MHz band with a rate of
250 kbit/s.
he 2006 revision improves the maximum data rates of the 868/915 MHz bands, bringing
them up to support 100 and 250 kbit/s as well.four physical layers depending on the
modulation method used.
Three of them preserve the DSSS approach: in the 868/915 MHz bands, using either binary
or offset quadrature phase shift keying.
optional 868/915 MHz layer is defined using a combination of binary keying and
amplitude shift keying Dynamic switching between supported 868/915 MHz PHYs is
possible.
With new allocations arising as a result of issues such as the digital dividend and other
countries adopting and using IEEE 802.15.4, other frequencies and bands are being
considered. These include: 314-316 MHz, 430-434 MHz, and 779-787 MHz frequency bands
in China and the 950 MHz-956 MHz band in Japan. Other frequencies are also being
In August 2007, IEEE 802.15.4a was released expanding the four PHYs available in
the earlier 2006 version to six, including one PHY using Direct Sequence
ultra-wideband (UWB) and another using chirp spread spectrum (CSS). The UWB PHY
is allocated frequencies in three ranges: below 1 GHz, between 3 and 5 GHz, and
between 6 and 10 GHz. The CSS PHY is allocated spectrum in the 2450 MHz ISM
band.[6]
In April, 2009 IEEE 802.15.4c and IEEE 802.15.4d were released expanding the
available PHYs with several additional PHYs: one for 780 MHz band using O-QPSK or
MPSK,[7] another for 950 MHz using GFSK or BPSK.[8]
IEEE 802.15.4e was chartered to define a MAC amendment to the existing standard
802.15.4-2006 which adopts channel hopping strategy to improve support for the
industrial markets, increases robustness against external interference and persistent
multi-path fading. On February 6, 2012 the IEEE Standards Association Board
approved the IEEE 802.15.4e which concluded all Task Group 4e efforts.
MAC Layer
The medium access control (MAC) enables the transmission of MAC
frames through the use of the physical channel.

Besides the data service, it offers a management interface and itself

manages access to the physical channel and network beaconing. It
also controls frame validation, guarantees time slots and handles
node associations.

Finally, it offers hook points for secure services.

MAC Layer
The IEEE 802.15.4 MAC provides the interface to the application layer using two
elements:
● MAC Management Service: This is called the MAC Layer Management Entity,
MLME. It provides the service interfaces through which layer management
functions may be called or accessed. The IEEE 802.15.4 MAC MLME is also
responsible for controlling a database of objects for the MAC layer. This database
is referred to as the MAC layer PAN information base or PIB. The MLME also has
access to MCPS services for data transport activities.
● MAC Data Service: This si called the MAC Common Port Layer, MCPS. This
entity within the IEEE 802.15.4 MAC provides data transport services between the
peer MACs.
6LoWPAN
A low power wireless mesh network where every node has its own IPv6 address. This
allows the node to connect directly with the Internet using open standards.

6LoWPAN came to exist from the idea that the Internet Protocol could and should be applied
even to the smallest devices, and that low-power devices with limited processing
capabilities should be able to participate in the Internet of Things.
It is connecting more things to the cloud.
There are three types of LoWPANs : Ad-Hoc LoWPANs, Simple
LoWPANs, and Extended LoWPANs.

Ad-hoc LoWPANs are infrastructure less and not connected to the

internet.

A Simple LoWPANs is connected through one LoWPANs edge router to

another Internet Protocol (IP) network.

Extended LoWPANs have the LoWPANs consisting of multiple edge

routers along with a backbone link in order to interconnect them. The role
of edge router is as it routes traffic data or video in and out of the
LoWPANs.
The uplink to the Internet is handled by the Access Point (AP) acting as an
IPv6 router. Several different devices are connected to the AP in a typical
setup, such as PCs, servers, etc.

6LoWPAN networks are connected to other networks simply using IP routers.

The 6LoWPAN network is connected to the IPv6 network using an edge

router. The edge router handles three actions:

1) the data exchange between 6LoWPAN devices and the Internet (or other
IPv6 network);

2) local data exchange between devices inside the 6LoWPAN; and

3) the generation and maintenance of the radio subnet (the 6LoWPAN

network).
One 6LoWPAN network may be connected to other IP networks through
one or more edge routers that forward IP datagrams between different
media.

Connectivity to other IP networks may be provided through any arbitrary

link, such as Ethernet, Wi-Fi or 3G/4G.

Because 6LoWPAN only specifies operation of IPv6 over the IEEE

802.15.4 standard, edge routers may also support IPv6 transition
mechanisms to connect 6LoWPAN networks to IPv4 networks, such as
NAT64 defined in RFC 6146.

These IPv6 transition mechanisms do not require the 6LoWPAN nodes to

implement IPv4 in whole or in part.
Advantages of 6LoWPAN
● It works great with open IP standard including TCP, UDP, HTTP, COAP, MATT and
web-sockets.
● It offers end-to-end IP addressable nodes. There’s no need for a gateway, only a router
which can connect the 6LoWPAN network to IP.
● It supports self-healing, robust and scalable mesh routing.
● Offers one-to-many & many-to-one routing.
● The 6LoWPAN mesh routers can route data to others nodes in the network.
● In a 6LowPAN network, leaf nodes can sleep for a long duration of time.
● It also offers thorough support for the PHY layer which gives freedom of frequency band
& physical layer, which can be used across multiple communication platforms like
Ethernet, WI-Fi, 802.15.4 or Sub-1GHz ISM with interoperability at the IP level.
● It is a standard: RFC6282
Whilst 6LoWPAN was originally conceived to build on top of IEEE 802.15.4, a standard that set out
the lower layers for a 2.4 GHz low power wireless system, it is now being developed and adapted to
work with many other wireless bearers including Bluetooth Smart; power line control, PLC, and
low power Wi-Fi.The 6LoWPAN group have then defined the encapsulation and compression
mechanisms that enable the IPv6 data to be carried of the wireless network.

it was believed that using packet data over a low power wireless sensor network would offer
significant advantages in terms of data handling and management.
Because edge routers forward datagrams at the network layer they do not
maintain any application-layer state.

Other network architectures such as ZigBee®, Z-wave, Bluetooth® or proprietary

networks require stateful and sometimes complex application gateways to connect
to IP-based networks, such as the Internet.

These application gateways must understand any application profiles that may be
used in the network, and any changes to application protocols on the wireless
nodes must also be accompanied by changes on the gateway.

In contrast, IP-based border routers, like the edge router, remain agnostic to
application protocols used in the 6LoWPAN.

This lowers the burden put on the edge router in terms of processing power
thus making it possible to use embedded devices that are lower cost, runs simpler
software and has less complex hardware
6LoWPAN introduces an adaptation layer between the IP stack’s link and
network layers to enable transmission of IPv6 datagrams over IEEE 802.15.4
radio links.

The 6LoWPAN adaptation layer, providing adaptation from IPv6 to IEEE 802.15.4,
also resides in the data link layer.

HTTP uses XML, which is a text-based language with a large overhead.

Therefore, it is not optimal to use HTTP in many 6LoWPAN systems.

However, HTTP can still be very useful for communications between 6LoWPAN
and the Internet.

For this reason, the industry and community have developed alternative
application layer protocols, such as the constrained application protocol
(COAP), a message protocol running over UDP with a bit-optimized REST
mechanism very similar to HTTP
There are three main functions of this layer.

➔ First main function is header compression and decompression. This layer

compresses the IPv6 and UDP header. Various techniques have been
suggested to perform this function.
➔ Second function of adaptation layer is fragmentation and reassembly of
packets.
➔ Third major task of this layer is Routing.
➔ There are other functions of the adaptation layer on networking related things
like neighbour discovery and multicast support
IEEE 802.15.4 was designed to serve a different market, long-lived applications
that require large numbers of low-cost, ultra-low power devices.

The throughput under this standard is limited to 250 kbps, and the frame length is
limited to 127 bytes to ensure low packet and bit error rates in a lossy RF
environment.

IEEE 802.15.4 uses two addresses: a 16-bit short address and an EUI-64
extended address. These addresses reduce header overhead and minimize
memory requirements.

devices used to implement 6LoWPAN are typically constrained in terms of resources,

having about 16 kB RAM and 128 kB ROM.

6LoWPAN operates most commonly over multiple hops forming a low-power mesh
network, a fundamental difference from Ethernet- or Wi-Fi-based networks.
Challenges
IPv6 datagrams are not a natural fit for IEEE 802.15.4 networks. Low throughput,
limited buffering and datagrams that are one-tenth of IPv6 minimum MTU make
header compression and data fragmentation a necessity

Since IEEE 802.15.4 is both low power and low throughput, in addition to the use
of RF as media, it is more prone to spurious interference, link failures and
asymmetric links
The 6LoWPAN adaptation layer
When sending data over MAC and PHY layers, an adaptation layer is always
used.

RFC 6282 defines how an IPv6 data frame is encapsulated over an IEEE 802.15.4
radio link.

Header compression, which compresses the 40-byte IPv6 and 8-byte UDP
headers by assuming the usage of common fields.

Fragmentation and reassembly. The data link of IEEE 802.15.4 with a frame
length of maximum 127 bytes does not match the MTU of IPv6, which is 1280
bytes.
 Stateless auto configuration is the process where devices inside the 6LoWPAN
network automatically generate their own IPv6 address.

There are methods to avoid the case where two devices get the same address;
this is called duplicate address detection (DAD).

Throughout the 6LoWPAN adaptation layer, the key concept is to use stateless or
shared-context compression to elide header fields. This can compress all
headers (adaptation, network and transport layers) down to a few bytes.

in 6LoWPAN stateless and shared-context compression is used, which does

not require any state and lets routing protocols dynamically choose routes
without affecting compression ratio.
1. Communication between two devices inside the same 6LoWPAN network, using
link-local addresses, the IPv6 header can be compressed to only 2 bytes.

2. Communication destined to a device outside of the 6LoWPAN network and the

prefix for the external network is known, where the IPv6 header can be
compressed to 12 bytes.

3. Similar to 2, but without knowing the prefix of the external device, that gives an
IPv6 header of 20 bytes.
IPV6 headers
Fragmentation and Reassembly
To enable transmission over radio links packets are fragmented and assembled
with addition of extended information which are latter dropped.

Mesh-Under routing - reassembly done at destination.

Route -Over routing -reassembly at each hop.

If any fragments are missing (in a mesh-under system) during the reassemble, the
complete packet needs to be re-transmitted.

If possible, fragmentation should be avoided as long as possible since it

negatively impacts the battery life of a device.

Therefore, keeping the payload low (includes selecting the appropriate application
level protocols) and using header compression are of the utmost importance.
Routing
Two categories of routing are defined: mesh-under or route-over.

Mesh-under uses the layer-two (link layer) addresses (IEEE 802.15.4 MAC or short address)
to forward data packets; while route-over uses layer three (networklayer) addresses (IP
addresses).

All fragments will be sent to the next hop by mesh routing and finally reach to the
destination. Different fragments of one IP packet might reach the destination via different
route-paths.

If all fragments are received at the destination successfully, the destination’s adaptation layer
reassembles all fragments into an IP packet. The adaptation layer of destination node starts
reconstruction process.

However, any fragment is missing in forwarding process; all fragments of this IP packet are
retransmitted from the source to the destination.
In route-over scheme, each sensor node inside the route path acts as an IP router. The
IP packet is forwarded hop by hop from the source node to the destination node .

The IP packet’s payload is encapsulated with IPv6 header. After that, IP packet is
fragmented by the adaptation layer and all IP fragments will be sent to the next hop
based on routing table.

The next hop has to reassemble them in order to reconstruct the original IP packet in
adaptation layer when all fragments are received successfully. The reconstruction
process starts only when the last fragment arrives.

Once reconstructed, the IP packet will be sent to the network layer. Finally, the IP
packet will be fragmented again and these fragments will be delivered to the nexthop.

However, the retransmission executes only in one-hop distance if there is any fragment
lost in this forwarding process.
Auto configuration and neighbor discovery

Auto configuration is the autonomous generation of a device’s IPv6 address. The

process is essentially different between IPv4 and IPv6.

In IPv6 it allows a device to automatically generate its IPv6 address without any
outside interaction with a DHCP server or such.

Two methods using NDP or using source auto configuration

To get an address, a host can communicate via neighbor discovery protocol

(NDP).Address generation involves four messages

● Router solicitation (RS)

● Router advertisement (RA)
● Neighbor solicitation (NS)
● Neighbor advertisement (NA)
The RS message includes the IPv6 prefix of the network. All routers in the network
periodically send out these messages.

If a host wants to participate in a 6LoWPAN network, it assigns itself a link-local

unicast address (FE80::IID),then sends this address in an NS message to all other
participants in the subnet to check if the address is being used by someone else.

If it does not hear an NA message within a defined timeframe,it assumes that the
address is unique. This procedure is called duplicate address detection,DAD.

Now, to get the network prefix, the host sends out an RS message to the router to
get the correct prefix. Using these four messages, a host is able to assign itself a
worldwide unique IPv6 address.
Security
6LoWPAN takes advantage of the strong AES-128 link layer security defined in IEEE
802.15.4. The link layer security provides link authentication and encryption. In addition to
link layer security, transport layer security (TLS) mechanisms have been shown to work
great in 6LoWPAN systems.

For constrained environments and systems where UDP is chosen as the transport layer
protocol, the RFC 6347 (datagram transport layer security) can be used to provide
security at the transport layer.

However, it should be noted that implementing TLS/DTLS requires the devicet o have
necessary resources, such as a hardware encryption engine to enable the use of
advanced cipher suites, etc.

A device especially developed for this purpose is TI’s CC2538 wireless MCU, which
integrates a powerful ARM® Cortex®-M3 CPU and an IEEE 802.15.4 radio. The device has
up to 512kB Flash and 32kB RAM, and also features a hardware encryption engine capable
of supporting TLS/DTLS.